Index: lams_central/src/java/org/lamsfoundation/lams/web/qb/EditQbQuestionController.java =================================================================== diff -u -rf1da04a71e4b26ddae139a92a1af522cbb087000 -r9d47641d6f9dc421a253351549dc6fe532694589 --- lams_central/src/java/org/lamsfoundation/lams/web/qb/EditQbQuestionController.java (.../EditQbQuestionController.java) (revision f1da04a71e4b26ddae139a92a1af522cbb087000) +++ lams_central/src/java/org/lamsfoundation/lams/web/qb/EditQbQuestionController.java (.../EditQbQuestionController.java) (revision 9d47641d6f9dc421a253351549dc6fe532694589) @@ -121,7 +121,8 @@ throw new RuntimeException("QbQuestion with uid:" + qbQuestionUid + " was not found!"); } Integer userId = getUserId(); - boolean editingAllowed = qbService.isQuestionInPublicCollection(qbQuestion.getQuestionId()) + boolean editingAllowed = userManagementService.isUserSysAdmin() + || qbService.isQuestionInPublicCollection(qbQuestion.getQuestionId()) || qbService.isQuestionInUserOwnCollection(qbQuestion.getQuestionId(), userId) || qbService.isQuestionInUserSharedCollection(qbQuestion.getQuestionId(), userId); if (!editingAllowed) { Index: lams_central/src/java/org/lamsfoundation/lams/web/qb/QbCollectionController.java =================================================================== diff -u -r3cae79ba78db6b0e9282a3135bbda429181a6546 -r9d47641d6f9dc421a253351549dc6fe532694589 --- lams_central/src/java/org/lamsfoundation/lams/web/qb/QbCollectionController.java (.../QbCollectionController.java) (revision 3cae79ba78db6b0e9282a3135bbda429181a6546) +++ lams_central/src/java/org/lamsfoundation/lams/web/qb/QbCollectionController.java (.../QbCollectionController.java) (revision 9d47641d6f9dc421a253351549dc6fe532694589) @@ -37,6 +37,7 @@ import org.lamsfoundation.lams.qb.model.QbCollection; import org.lamsfoundation.lams.qb.model.QbQuestion; import org.lamsfoundation.lams.qb.service.IQbService; +import org.lamsfoundation.lams.security.ISecurityService; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.CommonConstants; import org.lamsfoundation.lams.util.Configuration; @@ -71,6 +72,9 @@ @Autowired private IOutcomeService outcomeService; + @Autowired + private ISecurityService securityService; + @RequestMapping("/show") public String showUserCollections(Model model) throws Exception { Integer userId = getUserId(); @@ -321,6 +325,9 @@ if (userId == null) { return false; } + if (securityService.isSysadmin(getUserId(), "acess QB collection", true)) { + return true; + } Collection collections = qbService.getUserCollections(userId); return collections.stream().map(QbCollection::getUid).anyMatch(uid -> uid.equals(collectionUid)); } Index: lams_central/src/java/org/lamsfoundation/lams/web/qb/QbStatsController.java =================================================================== diff -u -rf1da04a71e4b26ddae139a92a1af522cbb087000 -r9d47641d6f9dc421a253351549dc6fe532694589 --- lams_central/src/java/org/lamsfoundation/lams/web/qb/QbStatsController.java (.../QbStatsController.java) (revision f1da04a71e4b26ddae139a92a1af522cbb087000) +++ lams_central/src/java/org/lamsfoundation/lams/web/qb/QbStatsController.java (.../QbStatsController.java) (revision 9d47641d6f9dc421a253351549dc6fe532694589) @@ -37,6 +37,7 @@ import org.lamsfoundation.lams.qb.model.QbCollection; import org.lamsfoundation.lams.qb.model.QbQuestion; import org.lamsfoundation.lams.qb.service.IQbService; +import org.lamsfoundation.lams.security.ISecurityService; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.Configuration; import org.lamsfoundation.lams.util.ConfigurationKeys; @@ -66,14 +67,18 @@ @Autowired private IOutcomeService outcomeService; + @Autowired + private ISecurityService securityService; + @RequestMapping("/show") public String showStats(@RequestParam long qbQuestionUid, Model model) throws Exception { QbStatsDTO stats = qbService.getQuestionStats(qbQuestionUid); model.addAttribute("stats", stats); Integer userId = getUserId(); int qbQuestionId = stats.getQuestion().getQuestionId(); - boolean managementAllowed = qbService.isQuestionInPublicCollection(qbQuestionId) + boolean managementAllowed = securityService.isSysadmin(getUserId(), "allow QB question editing", true) + || qbService.isQuestionInPublicCollection(qbQuestionId) || qbService.isQuestionInUserOwnCollection(qbQuestionId, userId) || qbService.isQuestionInUserSharedCollection(qbQuestionId, userId); model.addAttribute("managementAllowed", managementAllowed);